package com.vastcom.jwt;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.Map;

import static com.vastcom.jwt.JwtUtil.ROLE;

public class JwtAuthenticationFilter extends OncePerRequestFilter {

    private static final PathMatcher pathmatcher=new AntPathMatcher();
    private String protectUrlPattern="/api/**";

public JwtAuthenticationFilter(){

}

    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
//是不是可以在这里做多种方式登录呢
        try {
            if(isProtectedUrl(httpServletRequest)){
                Map<String,Object> claims=JwtUtil.validateTokenAndGetClaims(httpServletRequest);
                String role=String.valueOf(claims.get(ROLE));
                //最关键的部分就是这里, 我们直接注入了
                SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(
                        null,null, Arrays.asList(()->role)
                ));

            }
        } catch (Exception e) {
            e.printStackTrace();
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED,e.getMessage());
            return;
        }
       filterChain.doFilter(httpServletRequest,httpServletResponse);


    }

    private boolean isProtectedUrl(HttpServletRequest request){
    return pathmatcher.match(protectUrlPattern,request.getServletPath());
    }
}
